i don't know if this is a new one or old but
those days some of my computers in my network got an new trojan subseven .The file was internet.exe .
this file run like a service in your computer and open a port 5351 or near this .This file send an signal to an specified host with
subseven.cgi with the host infected ,the port opened,the username and the password of the port.

The file internet.exe load himself at start up of the computer by modifying the registry in the
hkeylocalmachine
software
microsoft
windows
current version
run

Norton and MCaffe cannot detect this file.
You can see the file activity only by the logs of your firewall.

if you detect the file internet.exe that resides in the %windir%
you can easly delete it